Reprepro is a small command-line tool to create and manage .deb repositories easily, Today we’ll be showing how to create a Debian package repositories easily using reprepro and how to upload it to Sourceforge.net using rsync command.
Step 1: Install Reprepro and Generate Key
First, install all the necessary packages, using the following apt-get command.
$ sudo apt-get install reprepro gnupg
Now you need to generate a gpg key using gnupg, to do this, apply this command.
$ gpg --gen-key
It will ask you some questions, like the kind of the key you want, how long the key should be valid, if you don’t know what to answer, just click Enter for the default options (recommended).
Of course, it will ask you for a username and a password, keep those in mind, because we will need them later.
gpg (GnuPG) 1.4.14; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) Y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>"
Real name: ravisaive
Email address: [email protected]
Comment: tecmint
You selected this USER-ID:
"Ravi Saive (tecmint) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
gpg: key 2EB446DD marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/2EB446DD 2014-06-24
Key fingerprint = D222 B1C9 342E 5911 02B1 9147 3BD6 7918 2EB4 46DD
uid Ravi Saive (tecmint) <[email protected]>
sub 2048R/7EF2F750 2014-06-24
Now your key will be generated, to Check if so, run this command as a root privileges.
$ sudo gpg --list-keys
Sample Output
/home/ravisaive/.gnupg/pubring.gpg ---------------------------------- pub 2048R/2EB446DD 2014-06-24 uid ravisaive (tecmint) <[email protected]> sub 2048R/7EF2F750 2014-06-24
Step 2: Create a Package Repository and Export Key
We’ll start the work now to create the repository, first you have to create some folders, our repository will be in /var/www/apt directory, so let’s create some folders.
$ sudo su # cd /var/www # mkdir apt # mkdir -p ./apt/incoming # mkdir -p ./apt/conf # mkdir -p ./apt/key
You have now to export the key you created to the repository folder, run.
# gpg --armor --export username [email protected] >> /var/www/apt/key/deb.gpg.key
Note: Replace username with the username you entered in above step, and [email protected] with your email.
We need to create a file called “distributions” inside /var/www/apt/conf.
# touch /var/www/apt/conf/distributions
Add these following lines to the distributions file and save the file.
Origin: (yourname) Label: (name of repository) Suite: (stable or unstable) Codename: (the codename for the distribution you are using, like trusty) Version: (the version for the distribution you are using, like 14.04) Architectures: (the repository packages architecture, like i386 or amd64) Components: (main restricted universe multiverse) Description: (Some information about the repository) SignWith: yes
Next, We’ll have to create the repository tree, to do this, run those commands.
# reprepro --ask-passphrase -Vb /var/www/apt export
Sample Output
Created directory "/var/www/apt/db" Exporting Trusty... Created directory "/var/www/apt/dists" Created directory "/var/www/apt/dists/Trusty" Created directory "/var/www/apt/dists/Trusty/universe" Created directory "/var/www/apt/dists/Trusty/universe/binary-i386" FF5097B479C8220C ravisaive (tecmint) <[email protected]> needs a passphrase Please enter passphrase: Successfully created '/var/www/apt/dists/Trusty/Release.gpg.new' FF5097B479C8220C ravisaive (tecmint) <[email protected]> needs a passphrase Please enter passphrase: Successfully created '/var/www/apt/dists/Trusty/InRelease.new'
Step 3: Add Packages to Newly Created Repository
Now prepare your .deb packages to be added to the repository. Go to the /var/www/apt directory, you have to do this each time you want to add packages.
# cd /var/www/apt # reprepro --ask-passphrase -Vb . includedeb Trusty /home/ravisaive/packages.deb
Note: Replace trusty with the codename you entered for the repository in the distributions file, and replace /home/username/package.deb with the path to the package, you will be asked for the passphrase to enter.
Sample Output
/home/ravisaive/packages.deb : component guessed as 'universe' Created directory "./pool" Created directory "./pool/universe" Created directory "./pool/universe/o" Created directory "./pool/universe/o/ojuba-personal-lock" Exporting indices... FF5097B479C8220C ravisaive (tecmint) <[email protected]> needs a passphrase Please enter passphrase: Successfully created './dists/Trusty/Release.gpg.new' FF5097B479C8220C ravisaive (tecmint) <[email protected]> needs a passphrase Please enter passphrase: Successfully created './dists/Trusty/InRelease.new'
Your package is added to the repository, to remove it.
# reprepro --ask-passphrase -Vb /var/www/apt remove trusty package.deb
And of course, you need to modify the command with your package name and the repository codename.
Step 4: Upload Repository to Sourceforge.net
To upload the repository to Sourceforge.net, you need to have a running account there of course, and a running project, let’s assume that you want to upload the repository to http://sourceforge.net/projects/myfoo/testrepository where myfoo is your project name (UNIX name, not URL, not the Title), and testrepository is the folder where you want to upload the files into, We will do this using rsync command.
# rsync -avP -e ssh /var/www/apt/ [email protected]:/home/frs/project/myfoo/testrepository/
Note: Replace username with your username on sourceforge.net and myfoo with your project UNIX-name and testrepository with the folder you want to store the files in.
Now thats your repository is uploaded to http://sourceforge.net/projects/myfoo/testrepository, to add it to your installed system, first you have to import the repository key, it will be in /var/www/apt/key/deb.gpg.key, but that’s a local path and the users for your repository won’t be able to add it to their systems, thats why we’ll be importing the key from sourceforge.net.
$ sudo su # wget -O - http://sourceforge.net/projects/myfoo/testrepository/apt/key/deb.gpg.key | apt-key add -
You can add the repository easily now to your system, open /etc/apt/sources.list and add this line.
deb http://sourceforge.net/projects/myfoo/testrepository/apt/key/deb.gpg.key trusty main
Note: Replace myfoo with your project UNIX-Name, trusty with your repository codename, testrepository with the folder you uploaded the files into, and main with repository components you added to the distributions file.
Next, run following to update the repositories list.
$ sudo apt-get update
Congratulations! Your repository is active! You can now install packages easily from it if you want.
Will this also work with Debian Wheezy and github instead of sourceforge ?
@Fernand,
Yes, I think so it will work with all Debian/Ubuntu derivatives..
Thanks Ravi,
I think I am almost there…
On step 3, when adding my deb package to my repo, reprepro asks for a passphrase for a key I created months ago and I do not remember it and it is not the key I exported to my repo.
Do I really need it to ask for a passphrase ? What is the risk ? How do I delete the old key ?
When pushing to github, I guess I push everything except .git and ignored files, am I right ?
Best regards
why in my distribution nor work. In step 2, when I export the key, it’s not work, It’s OutPut :
# gpg –armor –export asrilmarhamah [email protected] >> /var/www/apt/key/deb.gpg.key
gpg: WARNING: nothing exported
whats wrong?
Thanks before.
Once repository is uploaded to sourceforge, how do you add new packages to that repsitory ? or how do you sync new packages to that repository ?
nvm, figured it out. However, sourceforge takes quite a long time to generate links for the files … much longer than they used to.
I comment when I appreciate a article on a blog or I have something
to valuable to contribute to the conversation. It’s caused by the
fire communicated in the article I read. And on this post Create A “.deb Package Repository” at Sourceforge.net Using
“Reprepro” Tool in Ubuntu. I was moved enough to create a thought :-) I
do have some questions for you if it’s okay. Could it be only me or
do a few of these responses appear like written by brain dead folks?
:-P And, if you are posting on other online social sites, I’d
like to follow you. Could you list all of your public
pages like your Facebook page, twitter feed, or linkedin profile?
Thank you
Great tutorial